Unrated severityNVD Advisory· Published May 12, 2010· Updated Apr 29, 2026
CVE-2010-1918
CVE-2010-1918
Description
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.
Affected products
17cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*range: <=3.6.2
- cpe:2.3:a:efrontlearning:efront:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:efrontlearning:efront:3.6.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- osvdb.org/64506nvdExploit
- packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdfnvdExploit
- www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.htmlnvdExploit
- www.securityfocus.com/bid/40032nvdExploit
- secunia.com/advisories/39728nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1101nvdVendor Advisory
News mentions
0No linked articles in our index yet.